With SHODAN at the Door, is it Still Possible to Lock Down Data?

The real-world SHODAN isn’t as malevolent as its fictional namesake. But in the wrong hands, it most definitely could be.

Although it has been around since 2009, SHODAN (taken from Sentient Hyper-Optimized Data Access Network, a form of artificial intelligence presented as a character in the video game System Shock) is currently being re-evaluated as one of the Internet’s biggest potential data security threats. That’s because SHODAN is a search engine designed not to locate websites and information as Google and Bing do, but computers instead.

Those computers—servers, routers, endpoint devices and the like—form the lion’s share of the world’s high-tech infrastructure. With SHODAN, users can easily identify, and possibly access, corporate communication networks, energy systems, command and control centers, even servers at government facilities. In the wrong hands, SHODAN can be dangerous indeed.

Because of SHODAN’s ability to assist in the disruption of everything from satellite communications to your home security system, many people are concerned. But the reach of this unique search tool is not limited to computers. Once inside a network, the data becomes fair game as well.

The true threat behind SHODAN lies in the number of devices connected to the Internet without some form of intrusion protection. Even if a core system is secure, an unprotected device linked to the system provides a back door for hackers to gain access.

Any individual or organization with confidential data on a computer inside a vulnerable, Internet-connected network runs the risk of data loss. To mitigate this risk, organizations should conduct a comprehensive audit of where data resides, and how (or even if) it is protected. While data sprawl is a fact of modern enterprises, an audit will help expose unsecured machine-to-machine connections (e.g., an industrial control system) that hackers can exploit.

It’s important to note that SHODAN is a “white hat” search tool, used primarily by researchers and security testers. Without a paid subscription it supports only a very limited number of searches. And as the creator of SHODAN, John Matherly, notes, cybercriminals have access to botnets that can achieve much of the same results without detection.

Still, such tools only underscore the need for proactive data protection in both the private and public sectors. Whether you’re a company, a government agency, an organization or just a single computer user, it’s important to proactively protect your data.